package com.feidee.fdhadoop.kerberos;

import org.apache.log4j.Logger;

import java.io.BufferedOutputStream;
import java.io.FileOutputStream;
import java.io.InputStream;

public class KerberosAuthentication {
	private static Logger logger = Logger.getLogger(KerberosAuthentication.class);
	public static String path;

//	static {
//		if (CommonConstant.ENV_TEST.equals(CustomConfiguration.getString(CommonConstant.ENV_KEY)) || CommonConstant.ENV_DEV.equals(CustomConfiguration.getString(CommonConstant.ENV_KEY))) {
//			try {
//				path = getPath();
//				String keyTabFileName = "test_data_team.keytab";
//				String krb5FileName = "test_krb5.conf";
//				if (CommonConstant.ENV_LIVE.equals(CustomConfiguration.getString(CommonConstant.ENV_KEY))) {
//					keyTabFileName = "data_team.keytab";
//					krb5FileName = "krb5.conf";
//				}
//				writeKRB5(krb5FileName);
//				writeKeyTab(keyTabFileName, "new_data_team.keytab");
//				writeKeyTab(keyTabFileName, "new_kafka_spark.keytab");
//				writeKafkaSparkConf();
//				writeKafkaConf();
//			} catch (Exception e) {
//				logger.error("Kerberos 生成验证文件失败", e);
//			}
//		}
//	}

	public static void authenticate() {
//		if (CommonConstant.ENV_TEST.equals(CustomConfiguration.getString(CommonConstant.ENV_KEY)) || CommonConstant.ENV_DEV.equals(CustomConfiguration.getString(CommonConstant.ENV_KEY))) {
//			try {
//				String user = "data_team@HADOOP.COM";
//				String keyTabPath = path + "new_data_team.keytab";
//				Configuration conf = new Configuration();
//				conf.set("hadoop.security.authentication", "Kerberos");
//				System.setProperty("java.security.krb5.conf", path + "new_krb5.conf");
//				System.setProperty("java.security.auth.login.config", path + "kafka_client_jaas.conf");
//				System.setProperty("sasl.kerberos.min.time.before.relogin", "300000");
//				UserGroupInformation.setConfiguration(conf);
//				UserGroupInformation.loginUserFromKeytab(user, keyTabPath);
//			} catch (Exception e) {
//				logger.error("Kerberos 验证设置失败", e);
//			}
//		}
	}

	public static void writeKRB5(String krb5FileName) {
		try {
			byte[] b = new byte[1024];
			int length;
			InputStream in = KerberosAuthentication.class.getClassLoader().getResourceAsStream(krb5FileName);
			FileOutputStream out = new FileOutputStream(path + "new_krb5.conf");
			while ((length = in.read(b)) != -1) {
				out.write(b, 0, length);
			}
			out.close();
			in.close();
			logger.info("Kerberos 验证文件 " + krb5FileName + " 输出到" + path + "成功");
		} catch (Exception e) {
			logger.error("Kerberos 验证文件 " + krb5FileName + " 输出失败");
		}
	}

	public static void writeKeyTab(String keyTabFileName, String newFileName) {
		try {
			byte[] b = new byte[1024];
			int length;
			InputStream in = KerberosAuthentication.class.getClassLoader().getResourceAsStream(keyTabFileName);
			FileOutputStream out = new FileOutputStream(path + newFileName);
			while ((length = in.read(b)) != -1) {
				out.write(b, 0, length);
			}
			out.close();
			in.close();
			logger.info("Kerberos 验证文件 " + keyTabFileName + " 输出到" + path + "成功");
		} catch (Exception e) {
			logger.error("Kerberos 验证文件 " + keyTabFileName + " 输出失败");
		}
	}

	private static void writeKafkaConf() {
		try {
			FileOutputStream outSTr = new FileOutputStream(path + "kafka_client_jaas.conf");
			BufferedOutputStream bufferedOutputStream = new BufferedOutputStream(outSTr);
			bufferedOutputStream.write("KafkaClient {\n".getBytes());
			bufferedOutputStream.write("    com.sun.security.auth.module.Krb5LoginModule required\n".getBytes());
			bufferedOutputStream.write("    useKeyTab=true\n".getBytes());
			bufferedOutputStream.write("    storeKey=true\n".getBytes());
			bufferedOutputStream.write(("    keyTab=\"" + path + "new_data_team.keytab\"\n").getBytes());
			bufferedOutputStream.write("    principal=\"data_team@HADOOP.COM\";\n".getBytes());
			bufferedOutputStream.write("};\n".getBytes());
			bufferedOutputStream.flush();
			bufferedOutputStream.close();
			logger.info("Kerberos 验证文件 kafka_client_jaas.conf 输出到" + path + "成功");
		} catch (Exception e) {
			logger.info("Kerberos 验证文件 kafka_client_jaas.conf 输出到" + path + "失败", e);
		}
	}

	private static void writeKafkaSparkConf() {
		try {
			byte[] b = new byte[1024];
			int length;
			InputStream in = KerberosAuthentication.class.getClassLoader().getResourceAsStream("kafka_spark_jaas.conf");
			FileOutputStream out = new FileOutputStream(path + "kafka_spark_jaas.conf");
			while ((length = in.read(b)) != -1) {
				out.write(b, 0, length);
			}
			out.close();
			in.close();
			logger.info("Kerberos 验证文件 kafka_spark_jaas.conf 输出到" + path + "成功");
		} catch (Exception e) {
			logger.error("Kerberos 验证文件 kafka_spark_jaas.conf 输出失败");
		}
	}

	private static String getPath() {
		String path = KerberosAuthentication.class.getClassLoader().getResource("test_krb5.conf")
				.getPath().replace("\\", "/");
		if (path.startsWith("file:")) {
			path = path.substring(5);
		}
		if (path.endsWith(".conf")) {
			path = path.substring(0, path.length() - 15);
		}
		if (path.contains(".jar!")) {
			path = path.substring(0, path.split("\\.jar!")[0].lastIndexOf("/") + 1);
		}
		return path;
	}
}
